cleantalk
Vulnerabilities and Security Researches

CTT Expresso para WooCommerce, CVE-2024-6687

CVE, Research URL

CVE-2024-6687

Home page URL

Security reports for CTT Expresso para WooCommerce

Application

CTT Expresso para WooCommerce

Published on
Aug 01, 2024
Research Description
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses
Affected versions
Min -, max 3.2.13.
Status
vulnerable
Previous vulnerability researches
CTT Expresso para WooCommerce (CVE-2024-6687) , Aug 01, 2024
CTT Expresso para WooCommerce (CVE-2024-6478) , May 19, 2025
CTT Expresso para WooCommerce (CVE-2022-47589) , Jun 06, 2024
New vulnerability
PowerPress Podcasting plugin by Blubrry (CVE-2024-9227) , May 19, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2024-9450) , May 19, 2025
PWA for WP & AMP (CVE-2024-7759) , May 19, 2025
Badgearoo (CVE-2025-1033) , May 19, 2025
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic (CVE-2025-2892) , May 19, 2025